oss-sec mailing list archives

Re: Is CVE-2024-30203 bogus? (Emacs)

From: Ihor Radchenko <yantar92 () posteo net>
Date: Wed, 10 Apr 2024 12:04:06 +0000

Sean Whitton <spwhitton () spwhitton name> writes:

Hmm, thank you, but let me ask a follow-up question: do you agree with
me that there is only one security flaw covered by these two CVEs, and
CVE-2024-30203 is the superfluous one?


Yes, CVE-2024-30203 title is superfluous.
And CVE-2024-30204 title is not accurate - it only applies to
certain attachments with specific (text/x-org) mime type.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>

Current thread:

Is CVE-2024-30203 bogus? (Emacs) Sean Whitton (Apr 08)
- Re: Is CVE-2024-30203 bogus? (Emacs) Eli Zaretskii (Apr 08)
  - Re: Is CVE-2024-30203 bogus? (Emacs) Max Nikulin (Apr 08)
- Re: Is CVE-2024-30203 bogus? (Emacs) Ihor Radchenko (Apr 08)
  - Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton (Apr 10)
    - Re: Is CVE-2024-30203 bogus? (Emacs) Ihor Radchenko (Apr 10)
    - Re: Re: Is CVE-2024-30203 bogus? (Emacs) Salvatore Bonaccorso (Apr 10)
    - Re: Is CVE-2024-30203 bogus? (Emacs) Max Nikulin (Apr 10)
    - Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton (Apr 11)
    - Re: Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton (Apr 11)
    - Re: Is CVE-2024-30203 bogus? (Emacs) Max Nikulin (Apr 11)